CERT-In Advisory CIAD-2009-09
Buffer Overflow Vulnerability in Adobe Acrobat and Reader
Original issue date:
February 23, 2009
Updated:
March 27, 2009
Severity Rating: High
Systems Affected
- Adobe Reader versions 9.x
- Adobe Reader versions 8.x
- Adobe Reader versions 7.x
- Adobe Acrobat versions 9.x
- Adobe Acrobat versions 8.x
- Adobe Acrobat versions 7.x
Overview
A vulnerability has been reported in Adobe Reader/Acrobat that could allow a remote attacker to execute arbitrary code and take complete control of vulnerable system.
Description
1. Buffer overflow Vulnerability (CVE-2009-0658)
A buffer overflow vulnerability exist in Adobe Acrobat and Reader. This vulnerability is triggered while loading and processing specially crafted PDF file containing malformed image. Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code and to take complete of the vulnerable system.
Note: Proof-of-concept code to exploit is publicly available on Internet.
Workarounds
- Disable JavaScript in Adobe Acrobat and Reader
- Disable displaying of PDF documents in Web Browser
- Disable Automatic opening of PDF documents
Do not open PDF documents received in emails from untrusted sources 2. JavaScript input validation vulnerability (CVE-2009-0927)
An unspecified vulnerability has been reported in Adobe Acrobat and Reader. A remote attacker can exploit this vulnerability by enticing users to open a specially crafted file containing JavaScript method call. Adobe Reader and Acrobat fails to validate user supplied values which could allow remote attacker to execute arbitrary code on the target system with the privileges of the target user.
3. Heap based Buffer overflow Vulnerability
(CVE-2009-0193, CVE-2009-1061, CVE-2009-1062,
CVE-2009-0928)
A heap-based buffer overflow vulnerability exists in Adobe Reader and Acrobat. This vulnerability is caused due to improper boundary checking condition while processing malformed JBIG2 symbol dictionary segment embedded within a PDF document. An attacker can exploit this vulnerability by enticing users to open malformed PDF file, which is specially crafted for triggering a heap-based buffer overflow. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code with the privileges of currently logged-in user or could cause denial of service (application crash).
Solution Apply appropriate patches as mentioned in APSB09-04
Vendor Information
Adobe
http://www.adobe.com/support/security/bulletins/apsb09-04.html
http://www.adobe.com/support/security/advisories/apsa09-01.html
References
US-CERT
http://www.kb.cert.org/vuls/id/905281
SecurityTracker
http://securitytracker.com/alerts/2009/Feb/1021739.html
http://securitytracker.com/alerts/2009/Mar/1021861.html
http://www.securitytracker.com/alerts/2009/Mar/1021892.html
Security Focus
http://www.securityfocus.com/bid/33751
http://www.securityfocus.com/bid/34169
http://www.securityfocus.com/bid/34229
http://xforce.iss.net/xforce/xfdb/49405
VUPEN Security
http://www.vupen.com/english/advisories/2009/0472
http://www.vupen.com/english/advisories/2009/0840
CVE Name
CVE-2009-0193
CVE-2009-0658
CVE-2009-0927
CVE-2009-0928
CVE-2009-1061
CVE-2009-1062
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
